Bloodhound.Exploit.33 infection [Solved]


  • This topic is locked
32 replies to this topic

#16 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 30 September 2014 - 02:06 PM

Yep, sometimes this stuff gets real evolved.

Let's do this to make sure there is nothing else to worry about on your system.

 

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check the box to accept the terms of use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check the Scan archives box.
  • Make sure that the option "Remove found threats" is Unchecked.
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push the List of found threats button.
  • Push the Export button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Back button.
  • Push Finish.

Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.



#17 beachedwhale
    New Member
  • Authentic Member
  • 17 posts

Posted 01 October 2014 - 03:29 PM

Sorry, ESET seems to have cleaned things. Anyway, here's the log:

C:\isobuster_eng.exe    a variant of Win32/SmartFileAdvisor.A potentially unwanted application    deleted - quarantined
C:\zaSetup_92_057_000_en.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Application Data\adawaretb\adawaretb.dll.vir    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Documents and Settings\Owner\Application Data\adawaretb\dtUser.exe.vir    a variant of Win32/Toolbar.Visicom.C potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawareDx.dll.vir    a variant of Win32/Toolbar.Visicom.B potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\dtUser.exe.vir    a variant of Win32/Toolbar.Visicom.C potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\FreeEasyCDDVDBurnerSetup-r101-w.exe    Win32/Toolbar.SearchSuite potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\isobuster_all_lang.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\zafwSetupWeb_110_000_038.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\zafwSetupWeb_131_211_000.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\zafwSetupWeb_133_052_000.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM13.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM40.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Program Files\Smart File Advisor\sfa.exe    a variant of Win32/SmartFileAdvisor.A potentially unwanted application    deleted - quarantined
C:\Program Files\Smart File Advisor\sfa_inst.exe    a variant of Win32/SmartFileAdvisor.A potentially unwanted application    deleted - quarantined
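
To make a log like the one above quicker to read, here is an added Python example (written for this page; it is not part of the thread and not an ESET tool). It parses ESET's three-field result lines and separates hits that sit inside AdwCleaner's quarantine or Spybot's Recovery folder, which those tools had already put aside, from hits at live locations. The sample lines are copied from the log in this post; the field separator and the list of other tools' folders are assumptions about the log format as it appears here.

```python
import re
from collections import Counter

# An ESET result line has three fields padded with runs of spaces:
#     <path>    <detection>    <action>
# Splitting on 2+ spaces keeps single spaces inside paths intact
# (assumption about the format, based on the log as posted).
_FIELD_SEP = re.compile(r"\s{2,}")

# Folders owned by other cleanup tools (assumption). A hit inside one of
# these is a file that was already quarantined or backed up by that tool,
# not evidence of a live infection.
OTHER_TOOL_STORES = (
    r"\AdwCleaner\Quarantine",
    r"\Spybot - Search & Destroy\Recovery",
)

# Constructed sample: six lines copied from the ESET log posted above.
ESET_LOG = r"""
C:\isobuster_eng.exe    a variant of Win32/SmartFileAdvisor.A potentially unwanted application    deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\adawaretb\adawaretb.dll.vir    a variant of Win32/Toolbar.Visicom.A potentially unwanted application    deleted - quarantined
C:\APPSINSTetc\zafwSetupWeb_110_000_038.exe    Win32/Toolbar.Conduit potentially unwanted application    deleted - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SweetIM13.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Program Files\Smart File Advisor\sfa.exe    a variant of Win32/SmartFileAdvisor.A potentially unwanted application    deleted - quarantined
C:\zaSetup_92_057_000_en.exe    a variant of Win32/Toolbar.Conduit.AI potentially unwanted application    deleted - quarantined
"""


def parse_line(line):
    """Split one result line into path / detection / action, or None."""
    parts = _FIELD_SEP.split(line.strip())
    if len(parts) != 3:
        return None
    path, detection, action = parts
    return {"path": path, "detection": detection, "action": action}


def classify(detection):
    """Coarse bucket: adware/toolbars (PUA) vs. real malware vs. other."""
    d = detection.lower()
    if "potentially unwanted" in d:
        return "PUA"
    if any(word in d for word in ("worm", "trojan", "virus", "backdoor")):
        return "malware"
    return "other"


def in_other_tool_store(path):
    """True when the path lies inside another cleanup tool's store."""
    low = path.lower()
    return any(marker.lower() in low for marker in OTHER_TOOL_STORES)


def triage(log_text):
    """Summarise a whole log: counts per class and live vs. stored paths."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    summary = {"total": len(records), "by_class": Counter(),
               "live": [], "already_stored": []}
    for rec in records:
        summary["by_class"][classify(rec["detection"])] += 1
        bucket = "already_stored" if in_other_tool_store(rec["path"]) else "live"
        summary[bucket].append(rec["path"])
    return summary


if __name__ == "__main__":
    s = triage(ESET_LOG)
    print(f"{s['total']} detections: {dict(s['by_class'])}")
    print("already held by another tool:", *s["already_stored"], sep="\n  ")
    print("live locations worth noting:", *s["live"], sep="\n  ")
```

The useful output is the "live" list: in the posted log those are installer files the user kept (bundled toolbars) and a Smart File Advisor install, which is why the helper treats them as leftovers rather than an active infection, while the entries under AdwCleaner and Spybot were already neutralised by those tools.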



#18 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 01 October 2014 - 04:30 PM

Hey,

You need to read when we post instructions for running tools; a great deal of thought went into them. If ESET had removed something legit and caused problems, we could wind up with a bunch more problems. Luckily it removed some threats.

How are things running now?



 
 

#19 beachedwhale
    New Member
  • Authentic Member
  • 17 posts

Posted 04 October 2014 - 01:26 PM

I read your posts very carefully. If I missed a don't clean checkbox, I'm sorry. I make mistakes.

Your help is highly appreciated.

 

A couple of BE33 alerts, otherwise the computer seems to be running well.

 

BW



#20 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 04 October 2014 - 02:02 PM

Run Norton to scan your system and post the report so I can see where those alerts are coming from.



 
 

#21 ken545
    Forum God
  • Retired Classroom Teacher
  • 23,225 posts
  • Interests: Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 October 2014 - 05:45 AM

Those alerts may also be from sites you go into.

Open Notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
You can use your mouse to drag fixlist right next to FRST or FRST64, either above or below it but not on top of it.

Start
SearchScopes: HKCU - {7219660F-EBBB-BDCF-159B-1D09FC0C20C8} URL = http://www.mirostart...cfg=2-73-0-g6GW
Hosts:
EmptyTemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then open FRST or FRST64 and click on Fix.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

Then run a new scan with FRST and let me look over the new log, please.


 
 

#22 beachedwhale
    New Member
  • Authentic Member
  • 17 posts

Posted 05 October 2014 - 10:07 AM

Scan Statistics:
  Scan Start:
   Local: 05/10/2014 15:30
   UTC: 05/10/2014 14:30
  Scan Time: 5,551 seconds
  Scan Targets: Entire computer
  Counts:
   Total items scanned: 627,395
   - Files & Directories: 624,972
   - Registry Entries: 443
   - Processes & Start-up Items: 1,366
   - Network & Browser Items: 597
   - Other: 5
   - Trusted Files: 6,540
   - Skipped Files: 133

   Total security risks detected: 0
   Total items resolved: 0
   Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks



#23 beachedwhale
    New Member
  • Authentic Member
  • 17 posts

Posted 05 October 2014 - 10:23 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-10-2014
Ran by Owner at 2014-10-05 17:13:45 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {7219660F-EBBB-BDCF-159B-1D09FC0C20C8} URL = http://www.mirostart...cfg=2-73-0-g6GW
Hosts:
EmptyTemp:
End
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7219660F-EBBB-BDCF-159B-1D09FC0C20C8}" => Key deleted successfully.
"HKCR\CLSID\{7219660F-EBBB-BDCF-159B-1D09FC0C20C8}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 17.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
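
The fixlist instructions in post #21 (the file must be named fixlist.txt, sit right next to FRST or FRST64, and be wrapped in Start/End) and the Fixlog posted just above are two halves of one procedure, so here is one added Python example covering both. It is written for this page, not part of the thread and not a tool shipped with FRST. It checks the placement rule with pure path logic, extracts the fixlist that FRST echoes back between the two rows of asterisks, and classifies each "target => outcome" line so that anything other than a success or a harmless "not found" stands out. The Fixlog text is the one posted above, used as constructed sample input; the outcome keywords are assumptions drawn from that log.

```python
from pathlib import PureWindowsPath

# Constructed sample: the Fixlog posted in this thread.
FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-10-2014
Ran by Owner at 2014-10-05 17:13:45 Run:2
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
SearchScopes: HKCU - {7219660F-EBBB-BDCF-159B-1D09FC0C20C8} URL = http://www.mirostart...cfg=2-73-0-g6GW
Hosts:
EmptyTemp:
End
*****************

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7219660F-EBBB-BDCF-159B-1D09FC0C20C8}" => Key deleted successfully.
"HKCR\CLSID\{7219660F-EBBB-BDCF-159B-1D09FC0C20C8}" => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 17.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
"""


def fixlist_placement_ok(fixlist_path, frst_path):
    """The rule from post #21: named fixlist.txt, same folder as FRST(64).exe.
    Pure Windows-path comparison, so it runs on any OS without touching disk."""
    fl, frst = PureWindowsPath(fixlist_path), PureWindowsPath(frst_path)
    return (fl.name.lower() == "fixlist.txt"
            and frst.name.lower() in ("frst.exe", "frst64.exe")
            and fl.parent == frst.parent)


def fixlist_is_well_formed(lines):
    """A fixlist must open with 'Start', close with 'End' and hold directives."""
    body = [ln.strip() for ln in lines if ln.strip()]
    if not body or body[0] != "Start" or body[-1] != "End":
        return False, "fixlist must begin with 'Start' and end with 'End'"
    if len(body) < 3:
        return False, "fixlist contains no directives"
    return True, "ok"


def extract_fixlist(fixlog_text):
    """Return the fixlist lines FRST echoes between the two '*****' rules."""
    inside, lines = False, []
    for line in fixlog_text.splitlines():
        if set(line.strip()) == {"*"}:   # a rule made only of asterisks
            if inside:
                break
            inside = True
            continue
        if inside:
            lines.append(line)
    return lines


def parse_results(fixlog_text):
    """Each action line reads '<target> => <outcome>'; classify the outcome."""
    results = []
    for line in fixlog_text.splitlines():
        if " => " not in line:
            continue
        target, outcome = line.split(" => ", 1)
        low = outcome.lower()
        if "successfully" in low or low.startswith("removed"):
            status = "done"
        elif "not found" in low:
            status = "not_found"   # nothing was there to remove; harmless
        else:
            status = "check"       # unexpected wording: read it by hand
        results.append((target.strip().strip('"'), outcome.strip(), status))
    return results


def summarize(fixlog_text):
    """One dict a helper can glance at before asking for the next scan."""
    fixlist = extract_fixlist(fixlog_text)
    ok, reason = fixlist_is_well_formed(fixlist)
    results = parse_results(fixlog_text)
    return {
        "fixlist_ok": ok,
        "fixlist_reason": reason,
        "directives": [ln for ln in fixlist if ln.strip() not in ("Start", "End")],
        "results": results,
        "needs_attention": [r for r in results if r[2] == "check"],
        "reboot_needed": "needed a reboot" in fixlog_text,
    }


if __name__ == "__main__":
    for key, value in summarize(FIXLOG).items():
        print(f"{key}: {value}")
```

In the posted log the HKCR "Key not found" line is expected: FRST looks for a matching CLSID as a courtesy, and its absence just means the search scope had no companion object. A "check" status would be the cue to stop and read the line before running a further fix.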



#24 beachedwhale
    New Member
  • Authentic Member
  • 17 posts

Posted 05 October 2014 - 10:29 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-10-2014
Ran by Owner (administrator) on HP-ONE on 05-10-2014 17:24:17
Running from C:\Documents and Settings\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\WINDOWS\system\hpsysdrv.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Agere Systems) C:\WINDOWS\AGRSMMSG.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\ALCMTR.EXE
(Lavasoft) C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\nav.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\windows\system\hpsysdrv.exe [52736 1998-05-08] (Hewlett-Packard Company)
HKLM\...\Run: [KBD] => C:\HP\KBD\KBD.EXE [61440 2003-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] => C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-14] ()
HKLM\...\Run: [AGRSMMSG] => C:\WINDOWS\AGRSMMSG.exe [88363 2004-06-29] (Agere Systems)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [57344 2004-04-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PS2] => C:\WINDOWS\system32\ps2.exe [81920 2002-10-16] (Hewlett-Packard Company)
HKLM\...\Run: [Ad-Aware Browsing Protection] => C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [198032 2011-10-21] (Lavasoft)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [440632 2014-08-29] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-765943430-1787625549-695394895-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy2\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-765943430-1787625549-695394895-1003\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-765943430-1787625549-695394895-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
ShortcutTarget: HP Digital Imaging Monitor.lnk.disabled -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk.disabled
ShortcutTarget: Microsoft Office.lnk.disabled -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk.disabled
ShortcutTarget: Quicken Scheduled Updates.lnk.disabled -> C:\Program Files\Quicken\bagent.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk.disabled
ShortcutTarget: Updates from HP.lnk.disabled -> C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk.disabled
ShortcutTarget: Windows Search.lnk.disabled -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk.disabled
ShortcutTarget: BBC iPlayer Desktop.lnk.disabled -> C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HP Organize.lnk.disabled
ShortcutTarget: HP Organize.lnk.disabled -> C:\Program Files\Hewlett-Packard\HP Organize\bin\displayAgent.exe (NeoPlanet)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk.disabled
ShortcutTarget: IMStart.lnk.disabled -> C:\Program Files\InterMute\IMStart.exe (No File)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus QuickStart.lnk.disabled
ShortcutTarget: Lotus QuickStart.lnk.disabled -> C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SmartCenter 97.lnk.disabled
ShortcutTarget: Lotus SmartCenter 97.lnk.disabled -> C:\lotus\smartctr\smartctr.exe (Lotus Development Corporation.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Lotus SuiteStart 97.lnk.disabled
ShortcutTarget: Lotus SuiteStart 97.lnk.disabled -> C:\lotus\smartctr\suitest.exe (Lotus Development Corporation.)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk.disabled
ShortcutTarget: OpenOffice.org 3.3.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk.disabled
ShortcutTarget: OpenOffice.org 3.4.1.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x001C403E00D0CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
SearchScopes: HKCU - {086DAB07-3DCE-40A4-98D9-2D120DA4C84F} URL = http://search.zoneal...tsId=&ver=&&r=0
SearchScopes: HKCU - {32C5C3B5-8F2F-4831-9305-57C47B323786} URL = http://search.yahoo....=utf-8&fr=b1ie7
SearchScopes: HKCU - {ABD5E0E2-1848-48FA-ACCF-F55B1249A1D3} URL = http://www.google.co...rchTerms}&meta=
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = http://uk.search.yah...p={searchTerms}
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy2\SDHelper.dll (Safer Networking Limited)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name -> {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} ->  No File
BHO: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ->  No File
Toolbar: HKLM - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
Toolbar: HKLM - No Name - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} -  No File
Toolbar: HKCU - HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -  No File
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.micro...gWebControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @macromedia.com/FlashPlayer10 -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npBTEmailConfig.dll (British Telecommunications Plc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\duckduckgo-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\Access Privileges Test [2010-07-02]
FF Extension: British English Dictionary - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2010-12-11]
FF Extension: No Name - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\nostmp [2011-03-26]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-29]
FF Extension: EPUBReader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2014-08-21]
FF Extension: DownloadHelper - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Adobe DLM (powered by getPlus®) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010-12-11]
FF Extension: SearchPreview - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}(2) [2010-11-12]
FF Extension: Save Images - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\LDSI_plashcor@gmail.com.xpi [2013-05-30]
FF Extension: Print Edit - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\printedit@DW-dev.xpi [2012-04-26]
FF Extension: Bluhell Firewall - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2014-08-12]
FF Extension: Search By Image (by Google) - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\gzu4ievc.default\Extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi [2013-05-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-03-29]
FF HKLM\...\Firefox\Extensions: [{203FB6B2-2E1E-4474-863B-4C483ECCE78E}] - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST
FF Extension: Norton Safe Web Lite Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.0.1.8\coFFNST [2010-08-05]

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [441144 2014-08-29] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2009-08-24] (Alcatel-Lucent) [File not signed]
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.6.0.32\NAV.exe [262968 2014-09-21] (Symantec Corporation)
R2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\1.0.1.8\ccSvcHst.exe [126904 2010-05-23] (Symantec Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 Usmsaud; No ImagePath

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFS2K; C:\WINDOWS\system32\Drivers\AFS2K.sys [43672 2004-05-12] (Oak Technology Inc.)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\BASHDefs\20140912.003\BHDrvx86.sys [1137368 2014-09-12] (Symantec Corporation)
R1 ccSet_NAV; C:\WINDOWS\system32\drivers\NAV\1506000.020\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-09-09] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47896 2014-08-30] ()
R0 fasttx2k; C:\WINDOWS\System32\DRIVERS\fasttx2k.sys [142336 2003-12-03] (Promise Technology, Inc.)
R3 IDSxpx86; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\IPSDefs\20141003.001\IDSxpx86.sys [448664 2014-08-29] (Symantec Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [53208 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-10-05] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20141004.016\NAVENG.SYS [95704 2014-08-21] (Symantec Corporation)
S3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.4.0.13\Definitions\VirusDefs\20141004.016\NAVEX15.SYS [1636696 2014-08-21] (Symantec Corporation)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [46976 2002-10-05] (Realtek Semiconductor Corporation       )
S3 scsiscan; C:\WINDOWS\System32\DRIVERS\scsiscan.sys [11520 2008-04-13] (Microsoft Corporation)
S3 SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [432000 2004-01-03] (Silicon Integrated Systems Corporation)
R1 SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [11520 2004-01-03] (Silicon Integrated Systems Corporation)
S3 SRTSP; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NAV\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NAV\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-07-31] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NAV\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1506000.020\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
R0 viaagp1; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [27904 2003-07-02] (VIA Technologies, Inc.)
S3 viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [134144 2004-02-05] (Copyright © VIA/S3 Graphics, Inc.)
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 17:13 - 2014-10-05 17:13 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\FRST-OlderVersion
2014-10-05 17:04 - 2014-10-05 17:04 - 00001198 _____ () C:\Documents and Settings\Owner\My Documents\nortonscan.txt
2014-10-04 20:01 - 2014-10-04 20:02 - 00027686 _____ () C:\Documents and Settings\Owner\My Documents\cc_20141004_200138.reg
2014-10-02 20:06 - 2014-09-29 21:43 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20141002-200635.backup
2014-10-01 22:24 - 2014-10-01 22:24 - 00002342 _____ () C:\Documents and Settings\Owner\Desktop\ESETScan.txt
2014-10-01 20:16 - 2014-10-01 20:16 - 00000000 ____D () C:\Program Files\ESET
2014-10-01 20:15 - 2014-10-01 20:15 - 02347384 _____ (ESET) C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
2014-09-30 17:58 - 2014-09-30 17:58 - 00000000 ____D () C:\WINDOWS\Performance
2014-09-30 17:58 - 2014-09-30 17:58 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft Corporation
2014-09-30 17:52 - 2014-09-30 17:52 - 00000788 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Exploit.lnk
2014-09-30 17:52 - 2014-09-30 17:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-09-30 17:52 - 2014-09-30 17:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-09-29 21:42 - 2014-10-05 17:24 - 00000000 ____D () C:\FRST
2014-09-29 21:40 - 2014-10-05 17:13 - 01100800 _____ (Farbar) C:\Documents and Settings\Owner\Desktop\FRST.exe
2014-09-29 18:13 - 2014-09-29 18:14 - 00035186 _____ () C:\Documents and Settings\Owner\Desktop\Addition.txt
2014-09-29 18:11 - 2014-10-05 17:24 - 00024117 _____ () C:\Documents and Settings\Owner\Desktop\FRST.txt
2014-09-29 18:02 - 2014-09-29 18:02 - 00037906 _____ () C:\Documents and Settings\Owner\My Documents\FRST.txt
2014-09-29 18:02 - 2014-09-29 18:02 - 00035352 _____ () C:\Documents and Settings\Owner\My Documents\Addition.txt
2014-09-28 21:41 - 2014-09-28 21:41 - 00001260 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-09-28 21:22 - 2014-09-28 21:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-09-28 21:20 - 2014-09-28 21:20 - 01699276 _____ (Thisisu) C:\Documents and Settings\Owner\Desktop\JRT.exe
2014-09-28 21:07 - 2014-09-28 21:11 - 00000000 ____D () C:\AdwCleaner
2014-09-28 21:05 - 2014-09-28 21:05 - 01373475 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-09-28 17:18 - 2014-09-28 17:18 - 00090112 ___SH () C:\Documents and Settings\Owner\My Documents\Thumbs.db
2014-09-28 17:02 - 2014-09-28 17:07 - 00002550 _____ () C:\Documents and Settings\Owner\My Documents\aswMBR.txt
2014-09-28 17:02 - 2014-09-28 17:07 - 00000512 _____ () C:\Documents and Settings\Owner\My Documents\MBR.dat
2014-09-28 16:51 - 2014-09-28 16:59 - 05185536 _____ (AVAST Software) C:\Documents and Settings\Owner\Desktop\aswMBR.exe
2014-09-25 21:02 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\NPE
2014-09-25 21:02 - 2014-09-25 21:02 - 00069720 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-09-25 21:02 - 2014-09-25 21:02 - 00001186 _____ () C:\Documents and Settings\Administrator.HP-ONE\My Documents\norton.txt
2014-09-25 18:17 - 2014-10-05 15:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-21 13:31 - 2014-09-21 14:00 - 00000000 ____D () C:\vandy1
2014-09-20 10:38 - 2014-09-20 10:38 - 00059325 _____ () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton.htm
2014-09-20 10:38 - 2014-09-20 10:38 - 00000000 ____D () C:\Diecast Models _ Buy Diecast Models & Plastic Hobby Kits _ KH Norton_files
2014-09-20 02:20 - 2014-10-03 22:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes Anti-Exploit
2014-09-18 20:22 - 2014-09-25 21:15 - 00000178 ___SH () C:\Documents and Settings\Administrator.HP-ONE\ntuser.ini
2014-09-18 20:22 - 2014-09-25 21:15 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Temp
2014-09-18 20:22 - 2014-09-18 20:22 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE
2014-09-18 20:22 - 2010-01-22 12:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Macromedia
2014-09-18 20:22 - 2009-12-09 18:59 - 00000000 __SHD () C:\Documents and Settings\Administrator.HP-ONE\IETldCache
2014-09-18 20:22 - 2004-05-31 20:24 - 00000000 ___RD () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Accessories
2014-09-18 20:22 - 2004-05-13 07:03 - 00000847 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 20:22 - 2004-05-13 06:57 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Symantec
2014-09-18 20:22 - 2004-05-12 13:28 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Online Services
2014-09-18 20:22 - 2004-05-12 13:23 - 00000128 _____ () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\fusioncache.dat
2014-09-18 20:22 - 2004-05-12 13:05 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\SampleView
2014-09-18 20:22 - 2004-05-12 12:29 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\WINDOWS
2014-09-18 20:22 - 2004-05-12 11:59 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Real
2014-09-18 20:22 - 2004-05-12 08:27 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Application Data\Sun
2014-09-18 20:22 - 2004-05-12 08:26 - 00000000 ____D () C:\Documents and Settings\Administrator.HP-ONE\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
2014-09-18 20:22 - 2004-05-12 07:44 - 00015619 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml1.srt
2014-09-18 20:22 - 2004-05-12 07:44 - 00015420 _____ () C:\Documents and Settings\Administrator.HP-ONE\ml2.srt
2014-09-18 20:22 - 2004-05-12 07:44 - 00007593 _____ () C:\Documents and Settings\Administrator.HP-ONE\tempdiff.txt
2014-09-18 20:22 - 2004-05-12 07:28 - 00000738 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Outlook Express.lnk
2014-09-18 20:22 - 2004-05-12 07:25 - 00001599 _____ () C:\Documents and Settings\Administrator.HP-ONE\Start Menu\Programs\Remote Assistance.lnk
2014-09-18 19:57 - 2014-09-18 19:57 - 00001336 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140918_195703.reg
2014-09-12 21:56 - 2014-09-12 21:56 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\My Received Files
2014-09-12 18:08 - 2014-09-27 17:45 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-09-09 21:27 - 2014-09-09 21:27 - 00058892 ____H () C:\WINDOWS\system32\mlfcache.dat
2014-09-07 15:35 - 2014-09-07 15:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MSN6
2014-09-07 14:29 - 2014-09-07 14:29 - 00000704 _____ () C:\Documents and Settings\Owner\My Documents\cc_20140907_142940.reg

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-05 17:25 - 2008-02-19 15:46 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Temp
2014-10-05 17:21 - 2007-04-12 18:29 - 01557895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-10-05 17:20 - 2014-09-03 21:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 17:19 - 2005-12-13 19:53 - 00178108 _____ () C:\WINDOWS\system32\nvapps.xml
2014-10-05 17:19 - 2004-05-12 00:22 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-10-05 17:19 - 2004-05-12 00:22 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-10-05 17:18 - 2005-02-21 18:40 - 00000188 _____ () C:\WINDOWS\system\hpsysdrv.DAT
2014-10-05 17:18 - 2004-05-12 07:25 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-10-05 17:16 - 2014-03-21 21:49 - 00524288 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-10-05 17:16 - 2004-05-12 07:28 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-10-05 17:16 - 2004-05-12 07:27 - 00032634 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-04 19:59 - 2004-05-12 07:27 - 00000000 ____D () C:\Documents and Settings\Owner
2014-10-04 19:58 - 2012-09-29 13:10 - 00000693 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2014-10-04 19:58 - 2012-09-29 13:10 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-04 13:15 - 2009-02-22 14:51 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Aircraft
2014-10-04 10:18 - 2012-05-04 13:54 - 00000000 ____D () C:\free
2014-10-03 22:48 - 2012-03-09 14:41 - 00000000 ____D () C:\Nigella
2014-10-03 21:41 - 2007-04-12 18:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-10-03 19:07 - 2010-12-24 16:53 - 00000000 ____D () C:\Scarlett
2014-10-02 19:54 - 2014-03-21 21:49 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-10-01 22:20 - 2011-08-06 13:43 - 00000000 ____D () C:\Program Files\Smart File Advisor
2014-09-30 22:10 - 2012-08-13 10:10 - 00000000 ____D () C:\Ryder
2014-09-29 21:45 - 2004-05-12 07:27 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp
2014-09-29 21:43 - 2004-05-12 07:27 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-09-28 21:10 - 2010-07-02 12:20 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\CheckPoint
2014-09-27 19:10 - 2012-04-25 21:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-27 11:49 - 2007-10-08 14:54 - 00002473 _____ () C:\Documents and Settings\Owner\Desktop\Microsoft Word (2).lnk
2014-09-26 20:49 - 1997-05-13 02:23 - 00000980 ____C () C:\WINDOWS\acroread.ini
2014-09-26 18:52 - 2012-02-16 11:54 - 00000000 ____D () C:\KRitchie6
2014-09-26 18:41 - 2011-10-29 12:59 - 00000000 ____D () C:\janehill
2014-09-25 21:15 - 2004-05-12 07:16 - 00000281 _____ () C:\boot.ini
2014-09-25 17:57 - 2009-06-18 19:43 - 00000000 ____D () C:\WINDOWS\system32\Drivers\NAV
2014-09-25 17:56 - 2014-07-31 01:16 - 00001896 _____ () C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
2014-09-25 17:56 - 2014-07-31 01:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus
2014-09-23 21:41 - 2004-05-12 07:24 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-09-23 19:35 - 2004-05-12 07:16 - 00001158 _____ () C:\WINDOWS\system32\wpa.dbl
2014-09-21 13:53 - 2007-04-09 12:03 - 00000102 ____C () C:\WINDOWS\vuepro32.ini
2014-09-21 11:54 - 2011-12-27 17:05 - 00000000 ____D () C:\jenkins
2014-09-20 13:08 - 2012-03-09 15:15 - 00000000 ____D () C:\CarolKirkwood
2014-09-17 00:31 - 2014-03-21 21:49 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-09-14 11:06 - 2004-05-12 07:23 - 00000000 ____D () C:\Program Files\MSN
2014-09-13 17:47 - 2014-07-30 23:37 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\NPE
2014-09-13 14:53 - 2012-03-29 16:00 - 00701104 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-09-13 14:53 - 2012-03-29 16:00 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-13 14:53 - 2011-05-19 11:13 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-09-12 18:12 - 2013-10-11 10:30 - 00000000 ____D () C:\pay
2014-09-12 18:09 - 2011-11-01 23:30 - 00000000 ____D () C:\X
2014-09-10 21:51 - 2013-08-14 13:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 21:39 - 2009-02-24 20:03 - 98758480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-07 15:36 - 2007-08-14 12:53 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\MSN6
2014-09-07 15:35 - 2004-05-12 08:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Online Services

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

 

BW



#25 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 October 2014 - 10:56 AM

Looks fine.

 

Are you still getting those notifications from Norton? If so, when do you get them: is it when you first start your computer or a bit later? Do you get those notifications when you go online? If so, what websites are you visiting to get them?



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.



#26 beachedwhale

beachedwhale

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 05 October 2014 - 11:36 AM

No more notifications today.

The alerts have usually - but not always - been when I have been downloading images from lots of different websites.

I'm convinced they started when I attempted to download a large SR71A Blackbird (a plane) image from a Google images search.

BW

 



#27 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 05 October 2014 - 11:46 AM

Might be downloading the image from a bad site, not sure.

 

Let's do this: as all the programs and scanners we have run look fine, I will keep this thread open for you for 3 or 4 days. Post back and let me know how it's going. If you download that image and get a notification, let me know what site it is.



 
 

#28 beachedwhale

beachedwhale

    New Member

  • Authentic Member
  • Pip
  • 17 posts

Posted 07 October 2014 - 12:04 PM

Ken545

 

No alerts so far.

Attempted the same image search, but the results are different. However, there are some similar results from a website: namelessfaithlessgod.deviantart.com. Opinion seems divided over whether this site is malicious, but with a name like that it should be.

I think you are right, dodgy website download has caused my problems.

BW



#29 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 October 2014 - 12:34 PM

Upgrading to the Pro Version of Malwarebytes will block most bad sites from loading. The cost is minimal, but this is totally up to you. I have it on my two systems and on my kids' and grandkids' computers, along with some friends'.

 

 



 
 

#30 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 07 October 2014 - 12:39 PM

Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked if you are sure you want to uninstall.
  • AdwCleaner.exe, its folder and all logs will be removed.

==========================================================

Please download DelFix and save the file to your Desktop.
  • Windows XP: Double click DelFix.exe to run the program.
  • Windows Vista > Win 7 > Win 8: Right click on DelFix.exe and select RUN AS ADMINISTRATOR.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove Disinfection Tools
    • Create registry backup
    • Reset System Settings
  • Click the Run button.

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.

==========================================================

How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
  • Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.

Safe Surfn
Ken


     
     
